VPNs are a good way to protect your online activity and privacy. However, they are not impenetrable. There are certain weaknesses that can compromise your identity even if you use a VPN. One such vulnerability is a DNS leak.
What is DNS?
You can think of the domain name system (DNS) as the Internet’s phonebook. It links URLs, the web addresses that humans use, like www.protonvpn.com, to Internet Protocol (IP) addresses, the web addresses computers use, like 22.214.171.124. When you type a URL into your browser, it sends out a request that is directed to the correct IP address. This makes DNS one of the foundations of the Internet.
What causes DNS leaks?
DNS lookups run in the background and do not require any interaction from the user once the request has been initiated. Typically, your computer will use the DNS servers provided by your Internet service provider (ISP). Because you must perform a DNS lookup each time you visit a website, the operators of the DNS server you are using can monitor every single site that you visit.
However, even if you use a third-party DNS server or your own DNS server, your ISP will still be able to monitor your DNS requests if they are not encrypted.
Other causes of DNS leakage
VPNs will encrypt your DNS requests along with the rest of your Internet traffic, but there are several situations that could lead to DNS leaks and expose your online activity.
- You manually configured your VPN connection: If you have set up your own VPN connection, there is a much higher risk of DNS leaks if the DNS settings are misconfigured.
- An intruder controls your router: If you are using public Wi-Fi, an intruder could trick your device into sending its DNS requests outside the encrypted VPN connection.
- Your connection to the VPN server is interrupted: If you lose connection to your VPN service, then your DNS requests could be sent to your ISP to be resolved.
How to test for DNS leaks
The easiest way to test for a DNS leak is to go to www.dnsleaktest.com and run a free test. It will tell you your device’s IP address and your rough location. You should run two tests, one before you activate your VPN service and one after, to ensure that your online privacy is protected. If both tests return the same results, then your VPN service is not protecting your DNS requests.
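The same before-and-after comparison can also be made locally against the resolvers your system is configured to use. The script below is an added example, not ProtonVPN code: it assumes a Unix-like resolv.conf format and a hypothetical tunnel subnet of 10.2.0.0/24, and the sample file contents are constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample data: documentation-range addresses, not real resolvers.
BEFORE_VPN = "# from DHCP\nnameserver 192.0.2.53\n"
AFTER_VPN_OK = "nameserver 10.2.0.1\n"
AFTER_VPN_MIXED = "nameserver 10.2.0.1\nnameserver 198.51.100.7\n"
TUNNEL_NET = "10.2.0.0/24"  # assumed VPN tunnel subnet


def parse_nameservers(resolv_conf_text):
    """Return the set of resolver IPs named in resolv.conf-style text."""
    servers = set()
    for raw in resolv_conf_text.splitlines():
        parts = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
                servers.add(ipaddress.ip_address(parts[1].split("%", 1)[0]))
            except ValueError:
                continue  # ignore malformed entries
    return servers


def check_dns_leak(before_text, after_text, tunnel_net):
    """Compare resolvers before/after connecting, as in the two-test method."""
    before = parse_nameservers(before_text)
    after = parse_nameservers(after_text)
    net = ipaddress.ip_network(tunnel_net)
    # A local stub (e.g. 127.0.0.53) hides the real upstream resolver.
    stubs = {ip for ip in after if ip.is_loopback}
    unchanged = (before & after) - stubs
    outside = {ip for ip in after - stubs if ip not in net}
    if unchanged or outside:
        verdict = "leak"
    elif stubs or not after:
        verdict = "inconclusive"
    else:
        verdict = "ok"
    return {
        "verdict": verdict,
        "unchanged": sorted(str(ip) for ip in unchanged),
        "outside_tunnel": sorted(str(ip) for ip in outside),
    }


if __name__ == "__main__":
    for after in (BEFORE_VPN, AFTER_VPN_OK, AFTER_VPN_MIXED):
        print(check_dns_leak(BEFORE_VPN, after, TUNNEL_NET))
```

A clean result here only shows that the configured resolvers changed; it does not show where queries actually travel, so the web-based test is still worth running.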
ProtonVPN DNS leak protection
We do not use third-party DNS servers (we operate our own DNS servers) and we always route all your DNS queries through our encrypted VPN tunnel. Our native apps have a default DNS leak protection feature that forces your Internet connection to resolve DNS queries via our DNS servers. We also go a step further with our Kill Switch feature, which blocks all network connections if you lose connection to our VPN server. This way ProtonVPN keeps you protected even when you get accidentally disconnected.
DNS leaks are simple to find and easy to prevent, but they can undermine your online privacy and security. Be sure to only use trustworthy VPN services, use the recommended settings, and test for DNS leaks regularly.